Free Security Tools & CVE Database

Track CVE vulnerabilities, run security tools, and stay informed with expert cybersecurity guides.

🛡️ CVE Vulnerability Database (8,987+ CVEs tracked) Browse all →

🔴 Critical (831) 🟠 High (2,811) 🟡 Medium 🟢 Low 📅 2026

STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data, or authentication tokens. This issue was fixed in version 9.5.

Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded. This issue was fixed in version 9.5.

A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an authenticated attacker to view sensitive data such as data belonging to other users, or any other data that the app...

CVE-2026-9011 7.5

The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

CVE-2026-8692 4.3

The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it po...

CVE-2026-8684 5.3

The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrite or de...

🏢 Browse CVEs by Vendor:

Google (134) Microsoft (115) Openclaw (110) Apache (89) Linux (81) Mozilla (80) Axiomthemes (58) Tenda (45)

🛠️ Security Tools View all →

Password Checker

Test your password strength

Password Generator

Generate secure passwords

Privacy Score Quiz

Rate your digital privacy habits

Phishing Detector

Analyze suspicious emails

Data Breach Info

What to do after a breach

Compare top VPN services

Encryption Strength

Evaluate algorithm security

Audit your WiFi settings

2FA support by service

Social Privacy Audit

Lock down your social accounts

📝 Latest Articles

Your Ubuntu Desktop Has a Ticking Root Bomb and You Have Got Exactly 10 Days to Defuse It

Privacy Tools

Your Ubuntu Desktop Has a Ticking Root Bomb and You Have Got Exactly 10 Days to Defuse It

CVE-2026-3888 lets any local attacker escalate to full root access on default Ubuntu Desktop installations through a timing exploit in snap-confine and systemd-tmpfiles. Here is how to check if you are vulnerable and what to do about it right now.

Mar 18, 2026 6 min read

North Korea Is Using Your Friends KakaoTalk to Send You Malware — Here Is How the Konni Attack Chain Actually Works

Threat Analysis

North Korea Is Using Your Friends KakaoTalk to Send You Malware — Here Is How the Konni Attack Chain Actually Works

The Konni hacking group is turning compromised KakaoTalk accounts into malware distribution hubs. A deep dive into the attack chain and four practical defenses.

Mar 17, 2026 6 min read

GlassWorm Just Hijacked Developer GitHub Tokens to Poison 300 Python Repos — Here Is Why Your Password Manager Alone Cannot Protect Your Code Credentials

Password Managers

GlassWorm Just Hijacked Developer GitHub Tokens to Poison 300 Python Repos — Here Is Why Your Password Manager Alone Cannot Protect Your Code Credentials

GlassWorm ForceMemo attack steals GitHub tokens via malicious VS Code extensions, then force-pushes malware into Python repos. Your password manager cannot protect code credentials — here is why you need a dedicated secrets vault and the 15-minute audit to do right now.

Mar 17, 2026 7 min read

DRILLAPP Just Turned Microsoft Edge Into a Full Spy Suite — 6 Browser Security Tools That Would Have Stopped It Cold

How-To Guides

DRILLAPP Just Turned Microsoft Edge Into a Full Spy Suite — 6 Browser Security Tools That Would Have Stopped It Cold

DRILLAPP turns Microsoft Edge into a surveillance tool using debug flags. Here are 6 browser security tools — from enterprise EDR to free Sysmon rules — that would have caught it.

Mar 16, 2026 7 min read

Canada Just Passed a Mass Surveillance Bill and Your Country Is Probably Next — Here Is How to Lock Down Your Metadata Right Now

How-To Guides

Canada Just Passed a Mass Surveillance Bill and Your Country Is Probably Next — Here Is How to Lock Down Your Metadata Right Now

Canada's Bill C-22 introduces mass metadata surveillance capabilities. A step-by-step guide to locking down your DNS, VPN, browser compartmentalization, and home network before similar legislation reaches your country.

Mar 16, 2026 8 min read

ClickFix Social Engineering Just Tricked Mac Users Into Installing Their Own Malware — Here Is How to Spot It Before You Paste That Terminal Command

How-To Guides

ClickFix Social Engineering Just Tricked Mac Users Into Installing Their Own Malware — Here Is How to Spot It Before You Paste That Terminal Command

Three ClickFix campaigns are using fake AI tool installers and malicious Google Ads to trick Mac users into pasting Terminal commands that install the MacSync infostealer. Here is a step-by-step guide to identifying and blocking these attacks.

Mar 16, 2026 7 min read